This is my understanding of the device update process and how to troubleshoot. This whole process could be a lot smoother in my opinion, I find it a right pain!
Devices use Domain Name System (DNS) to determine the address of the server that is running the Device Update Web service, which is hosted on Web Services. For internal communications, the Web Services IP address must be available in DNS, as must the SRV record for SIP
The device uses DNS to find the SIP domain portion, by querying the SRV record. The SIP domain is extracted from the resulting fully qualified domain name (FQDN), and ucupdate S-R2 is prepended. If the device is internal, :443/requesthandlerInt/ucdevice.upx is appended. If the device is external, the hardware load balancer should replace the port 443 with port 4443.
While it is not a critical problem if the Device Update Web service cannot be found by using DNS, the device will log on and then use the in-band value to locate the service. If the update itself is something critical to successful logon, this can result in device connectivity failures.
External Devices
If the device is outside the organization’s firewall, and the user is signed in, the Device Update Web service returns a response indicating that anonymous access is not supported. The device then sends an HTTPS update request over port 443 to the Device Update Web service. The Device Update Web service returns one of the responses listed previously in the internal case.
In the Configure a Reverse Proxy step, configure the reverse HTTP proxy to use the Device Update Web service virtual directory https://<web services external Server FQDN>:443 for the external URL for Web Services and the Device Update Web service.
DNS Records for External Devices
SRV
Edge Server: _sip._tls.<sip domain> (External TLS)
Allows external devices to connect by using SIP over TLS to the Registrar internally.
A
Reverse proxy FQDN:<server name>.<SIP domain>
Allows external devices to connect by using TLS over HTTP to the Device Update Web service.
URL to Updates
/RequestHandlerExt/Files/UCPhone/ is the IIS web path to the following file share:
To test that update files are available via the web services URL navigate to the file share and find the update that you want to test. Then browse to the URL and append the file path on the end.
e.g.
By browsing to such a URL you can confirm that the updates are available for download. You will be prompted for authentication which requires a Lync user account.
References:
http://technet.microsoft.com/en-us/library/gg412864(v=ocs.14).aspx
http://technet.microsoft.com/en-us/library/gg398745(v=ocs.14).aspx
http://technet.microsoft.com/en-us/library/gg412864(v=ocs.14).aspx
http://technet.microsoft.com/en-us/library/gg398745(v=ocs.14).aspx